PT-2022-6231 · Oracle · Oracle Web Applications Desktop Integrator

L1K3Beef · Published 2022-10-18 · Updated 2026-03-11 · CVE-2022-21587

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.11

Description: A flaw exists in the Upload component of Oracle Web Applications Desktop Integrator within Oracle E-Business Suite. This issue allows an unauthenticated attacker with network access via HTTP to compromise the application. Successful exploitation can lead to a complete takeover of Oracle Web Applications Desktop Integrator. The vulnerability is easily exploitable and has been actively exploited in the wild. Analysis indicates that exploitation can be achieved through payloads based on Perl and Java Server Pages (JSP) for remote code execution. Reports suggest this issue was exploited as early as January 2023, with a proof-of-concept (POC) published in February 2023.

Recommendations: Versions 12.2.3 through 12.2.11 should be updated to a newer, secure version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: Exploit · RCE · Missing Authentication


Weakness Enumeration

Related Identifiers: BDU:2023-00572, CVE-2022-21587

Affected Products: Oracle Web Applications Desktop Integrator